Pages:
Author

Topic: Can Bitcoin Mixer services be trusted? - page 2. (Read 624 times)

legendary
Activity: 2268
Merit: 18771
March 27, 2022, 08:27:32 AM
#24
you don't have the associated private keys to your deposit and you risk losing your money but no one is discussing that which I'm having interest on.
Yes, this is a risk. When you deposit coins to any exchange, casino, mixer, etc., then you are giving up custody of them. This is a risk I am willing to accept with ChipMixer due to a number of reasons: Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer, and secondly, they have mixed hundreds of thousands of bitcoin over the years without a single incident of loss or theft.

why not go through Coinjoin where you have access to your keys than a mixer that you have to trust about your privacy and custody of funds.
Coinjoin is another useful tool, but it is neither perfect nor infallible:

Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
March 27, 2022, 07:35:21 AM
#23
Can we just put aside the other worries and address the main problem? I want to believe Sending bitcoin (either Utxo that has been KYC or not) to a mixer is risky because even if you know a little about their protocols,  you don't have the associated private keys to your deposit and you risk losing your money but no one is discussing that which I'm having interest on.
If not for the fact that some Mixers claimed that they usually purge their logs, why trust a mixer that can be threatened just like an exchange? why not go through Coinjoin where you have access to your keys than a mixer that you have to trust about your privacy and custody of funds.

@o_e_l_e_o
legendary
Activity: 2268
Merit: 18771
March 27, 2022, 03:46:44 AM
#22
Bob can send a voucher to a third party acting as escrow. Escrow checks it, creates a new voucher, and gives it to Alice.
I was thinking more of a trustless escrow, such as Bisq's 2-of-2 multi-sig escrow between buyer and seller, rather than just shifting the trust from one party to another. I can't see a way to do this in the current system.

And it would allow them to advertise on this forum again, right?
It should do. The whole point of the blinding is that even ChipMixer would not know which certificate is which. They would be unable to log any activity as all they can tell is if a certificate is valid and unspent, but not when it was signed or who has owned it.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 26, 2022, 04:08:25 PM
#21
I can't see a way to safely escrow
Bob can send a voucher to a third party acting as escrow. Escrow checks it, creates a new voucher, and gives it to Alice.

Now this risk is with the escrow:
The risk is that the other party redeems the voucher and then claims that it didn't work, or sends you a fake or already redeemed voucher.

Quote
Unless of course ChipMixer implemented blinded bearer certificates.
As far as I understand BBC, that would really be the next large step for privacy.
And it would allow them to advertise on this forum again, right?
legendary
Activity: 2268
Merit: 18771
March 26, 2022, 04:01:45 PM
#20
I'll add a bit to what has been said already: you could get a voucher from ChipMixer, and exchange that with someone else (obviously someone you trust). If you do that, there's not a single entity on the planet who could know all the information linking your incoming and outgoing transactions.
So I'm quite interested in exploring this. In order to maintain your privacy from the other party, you would have to exchange vouchers rather than private keys, so I didn't know which UTXOs you ended up spending and vice versa. Given that ChipMixer now allows you to generate vouchers of custom amounts, then it is trivial to create vouchers of matching sizes. However, if I split a voucher of 0.008 BTC off from a larger stack and we swapped vouchers, there would be no point in my combining that 0.008 BTC back in to my larger stack, since that would defeat the entire purpose of the swap.

The risk is that the other party redeems the voucher and then claims that it didn't work, or sends you a fake or already redeemed voucher. I can't see any way around this, since if you wanted to send a hidden voucher or similar to someone else then it would require the cooperation of ChipMixer, which brings us back to square one. So as you say, you could only do this with someone you trust, since I can't see a way to safely escrow or blindly send the vouchers to each other. Unless of course ChipMixer implemented blinded bearer certificates.

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
March 26, 2022, 12:52:46 PM
#19
Bitcoin mixers can be trusted in a way you trust your friends who know your secrets. It depends on your friends whether they tell your secret to someone else or not but keep in mind that friends can be tortured to reveal your secrets.

Keep in mind that Blockchain analysis and tracking methods are improving daily. You not only need to trust bitcoin mixers but to trust your computer's software/hardware, trust your OS, trust your Browser and then trust your mixer.

There are problems that you should always keep in mind:
1. Mixer will scam you and not send your coins.
2. Mixer is run by authorities.
3. Mixer stores your log and data.
 3.1 - Mixer may sell your data
 3.2 - Mixer may reveal your info/data if they get in trouble with authorities.
4. Mixer website contains viruses.

There are chances that you'll experience at least one problem from the list and there are chances that you won't experience any listed problem. This is the situation where you have to trust their words, it's a risk anyway.

I want to tell you one thing, if everything that you do is legal and you just wanna hide your legal transactions, then you can feel secure by using popular bitcoin mixers. If you do something illegal, which I hope you don't do, then trust nobody or every trust will carry serious potential risks.
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
March 26, 2022, 05:53:00 AM
#18
Think it's pretty clear by now to OP. You can't trust any mixer to be a good actor because they're all centralised. In the end, like every business, you hope their motivation to conduct business correctly to ensure future income is more than their motivation to run off with your funds or steal your data.

If it's fund security you're worried about, even with alternative type of mixing like CJ where you maintain custody of funds, you have to give up a degree of mixing efficacy (to me).

Really do read the posts suggested by LoyceV (the ChipMixer articles).

However, it's hard to believe big company like BitPay reuse same address. I can't imagine the pain when user make mistake (under pay, over pay, etc.).
I've seen it with my own eyes: the address they gave me was funded half a year earlier.
But it was (is?) much worse with the instant exchanger I mentioned: they used a few different deposit address many times per day.

I can confirm the same. Was some time ago though, it was legacy address, I checked it as force of habit and saw it had 2 older txs, funded and then swept out I guess. It's not even the first time, I've seen it on other services before, and on some services I've been using for years, never once (Localbitcoins, for example, probably used hundreds in my lifetime, and they're now on bech32, but have never given a recycled address) so I know it's just negligence on the part of services who do.

And ETF, when users make a mistake, though, you don't talk to BitPay. You talk to merchant if you overpay or make a mistake who then refunds you only in fiat (and you can't underpay, Bitpay just would reject the invoice and ask you to get your refund from the merchant).

Happened to me plenty during peak congestion, when it takes too long to confirm (expire) or you use RBF (yeah, who knew) so you're forced to overpay fees in a major way with BP. Sorry, didn't meant to go on a rant.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 26, 2022, 04:59:16 AM
#17
However, it's hard to believe big company like BitPay reuse same address. I can't imagine the pain when user make mistake (under pay, over pay, etc.).
I've seen it with my own eyes: the address they gave me was funded half a year earlier.
But it was (is?) much worse with the instant exchanger I mentioned: they used a few different deposit address many times per day.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
March 25, 2022, 05:17:37 PM
#16
Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
Can you talk a little more about this? Or in what topic it is possible to find out?
This is issue was discussed some years ago and based on the research was done by reputable members of the forum that there's a chance for flaws when mixing a huge number of BTC like 500 at once through an external mixing service and you're also trusting the external tumbler not to run away with your BTC either.
Having said that, when you mix through Bitcoin tumblers, you're trusting them not to keep logs this is the reason why it is good to use different tumblers when anonymity is a top priority. After you use Bitcoin tumbler, make use of a privacy wallet like Wasabi and no KYC p2p exchange.


Does anyone have updated information about the open transactions?
legendary
Activity: 2212
Merit: 7064
March 25, 2022, 10:28:16 AM
#15
Wallet address rarely shared among multiple user though, unless you use custodial service.
It's not that rear if you think about it.
I think dkbit98 meant wallet addresses can be paid to by multiple users. Although not recommended, it's not uncommon to ask different people to pay to the same address. I even see it on Bitcointalk for raffles or paying back loans, I've seen Bitpay do it, and I've seen instant exchangers reuse addresses.
Yes, and I even know some cases with multiple members of one family are using one bitcoin address, or some company is using only one addresses for accepting payments or donations.
That means that Bitcoin address can be personal used by one human but it's not necessarily, similar like one family is using one IP address in the same home,
or how internet providers have shared IP addresses instead of more expensive static IP addresses, that are usually optional.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 25, 2022, 05:52:58 AM
#14
Wallet address rarely shared among multiple user though, unless you use custodial service.
I think dkbit98 meant wallet addresses can be paid to by multiple users. Although not recommended, it's not uncommon to ask different people to pay to the same address. I even see it on Bitcointalk for raffles or paying back loans, I've seen Bitpay do it, and I've seen instant exchangers reuse addresses.
legendary
Activity: 952
Merit: 1386
March 25, 2022, 04:47:33 AM
#13
If you use tor or use a public WiFi service then you'll be much more hidden.
Public WiFi is not secure, anonymity in this regard would be better with Tor.

And cameras, do not forget about cameras.
For example : if you go to bar/cafeteria to use their free WIFI, the most probably you will be recorded.

I think it's similar to having a gun - it gives you a false sense of security (in this case, anonymity).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 25, 2022, 04:31:00 AM
#12
Can you briefly say for overall development what information can be obtained using Cloudflare?
Everything:
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot

Ok. Has this topic already been discussed on the forum, where I can fill the gap in my knowledge?
I've seen some discussions about it. A good place to start might be different ANN threads on the Service Announcements board.  ChipMixer wrote a few articles about Best practices of Bitcoin mixing.

Quote
the bitcoin network was considered anonymous
It never was. Bitcoin is pseudo-anonymous at best.

Quote
everything is going to the fact that not a single transaction will be carried out without mixing services.
That's not needed. It really depends: you probably wouldn't mind paying for your coffee from an address linked to the address you use to pay for your lunch. But it's not wise to let your local barista know you own $100M in Bitcoin, and you may not want to pay for sexual services from the address you received your Christmas bonus on.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 25, 2022, 02:56:24 AM
#11
1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?

It'll be impossible to verify whether this data is stored by a mixer or not. Most say they won't keep logs or will only keep them for a certain amount of time (chipmixer is a week unless you destroy your session and then it's straight away - from what they say).

Anything can be said. Ok. I understood. So, by default, need to be prepared for the worst: that information about you is stored and can be transferred to third parties.

If you use tor or use a public WiFi service then you'll be much more hidden.

As far as I know, it's not enough to use tor with default settings, but that's another topic for discussion.
In our country, to connect to public WiFi, need to specify a phone number. Well, you understand how hidden it can be and someone already wrote above that public WiFi is not the best idea.

If the Bitcoin mixer uses Cloudflare they have enough information about their user saved. However, they didn't save any of their customer data theres information the hacker that access their website will get.
Can you briefly say for overall development what information can be obtained using Cloudflare?

Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
Can you talk a little more about this? Or in what topic it is possible to find out?

I have no idea how this service works.
It's hard to discuss privacy of mixers if you don't know how it works, or haven't at least tried it.
I touched not so much on the technical aspects of privacy, but more on information of a general nature.

Different mixers work in different ways.
Ok. Has this topic already been discussed on the forum, where I can fill the gap in my knowledge?

If at the beginning of the birth of crypto industry mixing services there was no, in view of the fact that the bitcoin network was considered anonymous, now everything is going to the fact that not a single transaction will be carried out without mixing services. New times - new needs.
legendary
Activity: 2212
Merit: 7064
March 24, 2022, 08:29:15 AM
#10
I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?
All they can get is your bitcoin address use for sending them coins with all past transactions, and IP address you used for connection on their website.
You can easily mitigate that and hide your real IP address with using Tor browser that is recommended anyway or with alternative paid vpn service.

Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?
All this information is probably stored for some time on their servers, but good mixers will delete this data periodically.
My assumption is that some mixers could be operated by government organizations in same way like they run Tor nodes, so they will probably going to save all your activity.
You can use mixers multiple times making it very hard for anyone to read complete history for your transactions.

If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?
I already answered this, and there is no need to ask the same question twice.

How can minimize the collection of personal information by mixers?
There is no ''personal'' information collected by mixers, it's just IP address and your wallet address, both of this can be used my multiple humans if they are shared.
You are again asking same question multiple times, and I said yo can use Tor browser or vpn, with good address management.
legendary
Activity: 1974
Merit: 2124
March 24, 2022, 06:53:20 AM
#9
If you want to use a mixing service, you will need a reputed one that you can trust, if you do not trust any, then do not use any mixer.
Even if you are using the reputed mixing services you should be extra cautious to look for the legit one's as the fake copies are also around the net with same UI to make you fool for which newbies fall.

The popular mixing service of Chipmixer is used by many to avoid the orginal tracing of address but some fake websites are always ready to scam you of your funds like this recent one so take care of it.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 24, 2022, 06:30:07 AM
#8
4) How can minimize the collection of personal information by mixers?

Use Tor Browser. But if you're willing to use terminal with Tor/VPN with some trial and error, you can make POST request so the mixer have no information about your browser/OS.

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?

Under the hood, usually it's more complex than "Your Address 1 - Mixer Address - Your Address 2". But the weakness heavily depends on how mixer mix user coin and user behavior. You might want to check Breaking Mixing Services.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 24, 2022, 06:22:04 AM
#7
I have no idea how this service works.
It's hard to discuss privacy of mixers if you don't know how it works, or haven't at least tried it. Different mixers work in different ways.

I'll add a bit to what has been said already: you could get a voucher from ChipMixer, and exchange that with someone else (obviously someone you trust). If you do that, there's not a single entity on the planet who could know all the information linking your incoming and outgoing transactions.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
March 23, 2022, 02:46:19 PM
#6
I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?
Yes, when privacy is the top priority you can't trust anyone, and thats people are advised to you 2 or more mixing services but there are some Bitcoin mixers that have been operating for years with no problem. The information the Bitcoin mixer gets is the wallet address used and IP address.

1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?
Yes, you're correct but there are some mixers that operated in p2p while there are some that provide you with a chip that is already funded before you mix your coin, and what they provide you is the chip that's equal to the amount of BTC want to receive with the private keys to the wallet that contain the Chips.

2) If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?
You have already answered this question yourself but the last time I checked most Bitcoin mixers use Tor and what you need is to know how to use it. So, the IP address and user location shouldn't be a problem.

3) What information about users can generally be stored on bitcoin mixing service servers? If attackers / hackers get access to them, then this can be used to the detriment of users, right?
If the Bitcoin mixer uses Cloudflare they have enough information about their user saved. However, they didn't save any of their customer data theres information the hacker that access their website will get.

4) How can minimize the collection of personal information by mixers?
Every mixer has its own rules, regulations, and mode of operation. You just have to use those that have a good record and require minimum data.

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?
Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
March 23, 2022, 02:36:37 PM
#5
If you want to use a mixing service, you will need a reputed one that you can trust, if you do not trust any, then do not use any mixer.

After having less privacy (in a way the public can trace your addresses on blockchain) like your bitcoin addresses are connected together (maybe) during transaction and some other reasons, this would be available for the public as the blockchain is transparent. This is one of the reasons someone can decide to use a mixer, even if the addresses are known to the mixer, the public will not know the owner of the old address is the owner of the new address which is the function of a mixer.

If you use tor or use a public WiFi service then you'll be much more hidden.
Public WiFi is not secure, anonymity in this regard would be better with Tor.
Pages:
Jump to: